OpenID + Simple Registration Information Exchange
josh at janrain.com
Wed Mar 15 23:44:22 UTC 2006
We all know that there is a lot more to identity than is provided by
OpenID. OpenID's aim has been to provide the smallest possible step
that gets us closer to the goal of a full user-controlled digital
identity system. What OpenID does, it does well, which is to provide a
simple authentication system which lowers the bar for using different
web sites, as well as a host of other nice effects. There is still a
common case that gets in the way of OpenID providing seamless
interaction across enabled Web sites, and that case is that the Web
site needs to know some information about the user before the user is
allowed to proceed.
Yesterday, Brad and David from LiveJournal were in our office, and we
talked through a solution to this problem that gets us a step closer
to the ideal, but is still very easy to implement as an extension to
OpenID. It is a very focused profile-exchange mechanism that
provides information that is commonly needed for registering with a
Web site. With this addition, the user controls which parts of his or
her profile will be sent to a given relying party.
We wrote up a specification and did a proof-of-concept implementation
that transferred data from our web services to LiveJournal, and back.
Our Python and Ruby OpenID libraries have been modified to include
support for doing simple registration information exchange as both a
client and server. We will release this code soon, as well as port it
to our other language implementations (Java, PHP, C#, Perl).
Please read the proposal for extending OpenID and give us feedback.
This protocol is not the end-game solution, but a step on that
journey, that makes people's online experience better today. Please
read with that in mind.
Josh Hoyt <josh at janrain.com>
More information about the yadis